2 files changed, 19 insertions, 9 deletions

diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c b/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
index 9f5dd46734..3d633de3f5 100644
--- a/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
@@ -47,10 +47,15 @@ int acquire_luks2_key(
 
         return tpm2_unseal(
                         device,
-                        pcr_mask, pcr_bank,
+                        pcr_mask,
+                        pcr_bank,
+                        /* pubkey= */ NULL, /* pubkey_size= */ 0,
+                        /* pubkey_pcr_mask= */ 0,
+                        /* signature_json= */ NULL,
+                        pin,
                         primary_alg,
                         key_data, key_data_size,
-                        policy_hash, policy_hash_size, pin,
+                        policy_hash, policy_hash_size,
                         ret_decrypted_key, ret_decrypted_key_size);
 }
 
diff --git a/src/cryptsetup/cryptsetup-tpm2.c b/src/cryptsetup/cryptsetup-tpm2.c
index c715c8f232..c348e73b21 100644
--- a/src/cryptsetup/cryptsetup-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tpm2.c
@@ -55,7 +55,7 @@ static int get_pin(usec_t until, AskPasswordFlags ask_password_flags, bool headl
 int acquire_tpm2_key(
                 const char *volume_name,
                 const char *device,
-                uint32_t pcr_mask,
+                uint32_t hash_pcr_mask,
                 uint16_t pcr_bank,
                 uint16_t primary_alg,
                 const char *key_file,
@@ -114,14 +114,17 @@ int acquire_tpm2_key(
         if (!(flags & TPM2_FLAGS_USE_PIN))
                 return tpm2_unseal(
                                 device,
-                                pcr_mask,
+                                hash_pcr_mask,
                                 pcr_bank,
+                                /* pubkey= */ NULL, /* pubkey_size= */ 0,
+                                /* pubkey_pcr_mask= */ 0,
+                                /* signature= */ NULL,
+                                /* pin= */ NULL,
                                 primary_alg,
                                 blob,
                                 blob_size,
                                 policy_hash,
                                 policy_hash_size,
-                                NULL,
                                 ret_decrypted_key,
                                 ret_decrypted_key_size);
 
@@ -135,16 +138,18 @@ int acquire_tpm2_key(
                 if (r < 0)
                         return r;
 
-                r = tpm2_unseal(
-                                device,
-                                pcr_mask,
+                r = tpm2_unseal(device,
+                                hash_pcr_mask,
                                 pcr_bank,
+                                /* pubkey= */ NULL, /* pubkey_size= */ 0,
+                                /* pubkey_pcr_mask= */ 0,
+                                /* signature= */ NULL,
+                                pin_str,
                                 primary_alg,
                                 blob,
                                 blob_size,
                                 policy_hash,
                                 policy_hash_size,
-                                pin_str,
                                 ret_decrypted_key,
                                 ret_decrypted_key_size);
                 /* We get this error in case there is an authentication policy mismatch. This should